Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 16 Jun 2012 05:19:56 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: CVE request: phplist before 2.10.18 XSS and sql injection

http://www.exploit-db.com/exploits/18639/

cite from there:
"Desc: Input passed via the parameter 'sortby' is not properly
sanitised before being returned to the user or used in SQL queries.
This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code. The param 'num' is vulnerable to a XSS issue
where the attacker can execute arbitrary HTML and script code in
a user's browser session in context of an affected site."

Upstreams release notes for 2.10.18:
http://www.phplist.com/?lid=567
mentions:
"This version fixes a few small bugs and a security issue that was
found. The security issues fixed require the administrator to be logged
in. Therefore the vulnerability can be classified as "intermediate".
There's no immediate danger of the vulnerabilities to be exploited
remotely."

Please assign two CVEs.

-- 
Hanno Bck		mail/jabber: hanno@...eck.de
GPG: BBB51E42		http://www.hboeck.de/

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ